Insurance Europe has urged the European Data Protection Board (EDPB) to align its guidelines for the calculation of data privacy fines with international standards.
The European insurers’ body responded to the EDPB’s consultation regarding its draft guidelines for fines under the EU’s General Data Protection Regulation (GDPR). The organisation said that these guidelines aim to create a harmonised basis from which the calculation of administrative fines in individual cases can be made by national supervisory authorities. While the draft guidelines provide more detail on the factors taken into account for the calculation, they do not make the level of fines more predictable, Insurance Europe said.
As stated in Article 83(1) of the GPDR, the turnover of the undertaking is a relevant element to be considered when imposing an effective, dissuasive and proportionate fine. However, according to the EDPB’s guidelines, when calculating the turnover of an insurance company, the supervisory authority should also take into account insurance premiums.
“This is not in line with the most recent accounting standards issued by the International Accounting Standards Board (IASB),” Insurance Europe said. “For example, IFRS 17 – Insurance Contracts, states that the information on insurance revenue must not include amounts the insurer is obligated to pay the policyholder regardless of whether the insured event occurs, or the so-called investment component. These amounts that represent the investment of the policyholder (such as the savings component of an endowment life insurance) must be excluded from the revenues in the profit and loss account.”
According to Insurance Europe, the IASB, acting as a global standard-setter for accounting, ensured the comparability of financial reporting by insurers and companies from other industries.
“Insurance Europe, therefore, encourages the EDPB to update its guidelines to take into account the international standards set out by the IASB,” it said.